Navigating 2025: WatchGuard’s Cybersecurity Predictions And What They Mean For MSPs

Cybersecurity is always evolving, and 2025 is shaping up to bring some big changes. With attackers getting smarter, managed service providers (MSPs) have a chance to turn challenges into opportunities.

In an exclusive interview with CRNtv, host Sydney Neely speaks with Marc Laliberte, director of security operations at WatchGuard, about what’s coming and what it means for the channel.

The Rise of Automation in Cyberattacks

Sydney: We know attackers are using more advanced tools to streamline their attacks. What’s one major trend MSPs need to be aware of, and how can they position themselves to protect their clients?

Marc: We expect to see attackers leverage multimodal AI to create entire attack chains. Attackers have been experimenting with single-modal AI, which is artificial intelligence that’s really good at one thing—like writing, creating source code, making pictures or deepfaking audio—but it’s not a generalist. It’s not good at everything. So, they’re having to pick and choose different models to do different parts of the attack chain, like writing phishing emails, creating scripts to spin up attacker infrastructure or generating malware payloads. We’ve also seen them use artificial intelligence as part of phishing toolkits available online and in underground marketplaces.

We expect attackers to leverage advancements in artificial intelligence with true multimodal AI, which is artificial intelligence that can do multiple things really well, to commoditize the entire attack chain. This means there’s a real risk that these threats will overwhelm already resource-starved companies. As a result, we expect to see MSPs increasingly adopt managed detection and response (MDR) services, like WatchGuard MDR, to help reduce their mean time to detection (MTTD) and mean time to response (MTTR) to potential security incidents targeting them and their customers.

Supply Chain Vulnerabilities

Sydney: Cybercriminals are getting creative, especially when it comes to targeting supply chains. What strategies should MSPs focus on to detect and prevent these types of long-term threats?

Marc: Attackers are really focusing now on what we call the long con in digital supply chain attacks. They’ve been attacking the supply chain for years now—SolarWinds back in 2020 into 2021 was a major incident. But attackers are also focusing on little-known open-source libraries too.

For example, XZ Utils is one that most people probably never heard of—at least until early last year. For those that still don’t know what it is, it’s a compression utility that’s included in every single Linux distribution. And in March of last year, someone inserted a little bit of malicious code that would have given them the ability to execute commands on any internet-exposed Linux system in the world.

This was only discovered because one Microsoft engineer noticed that his SSH management connections to his server took a few tenths of a second longer to complete than he expected. When he went to investigate, he unraveled a nearly two-year effort by a threat actor to build up credibility by fixing bugs in this utility over time, before finally gaining the level of access they needed to insert a stealthy implant into the software.

We expect these kinds of long con attacks to become the norm.

Emerging AI Threats

Sydney: AI has become such a big part of our world, but not all of it is being used for good. How can MSPs prepare for the ways bad actors might exploit AI and turn that into a chance to stand out in the channel?

Marc: Generative AI is very much in a hype cycle. If you talk to any software company that got any amount of funding in the last year, all of them are going to tell you they’re using that funding to add artificial intelligence to their product. Gartner is putting generative AI at the peak of inflated expectations now in their hype cycle model, meaning it’s on its way to the trough of disillusionment, where people are going to start getting burned out or turned off by some of the implementations. But while that’s happening, the technology is improving at an extremely rapid rate. Deepfake audio and video are becoming incredibly convincing, and it’s already being used in major attacks.

There was one early last year where a financial employee wired $25 million to an attacker, even after a very convincing Zoom call with the CFO, which turned out to be real-time deepfaked audio and video of that executive convincing this employee to wire the money.

So, we expect MSPs and their customers to really see an increase in AI-powered social engineering in the forms of audio and video phishing. MSPs should combat this with targeted training to make sure their employees and customers are aware that we really can’t trust a Zoom call anymore—paired with technical controls to defend against identity-based attacks.

For more insights into WatchGuard’s 2025 cybersecurity predictions, visit WatchGuard.com/predictions.